Fault Tolerant Cipher Processing Utilizing Cryptographic Controls

The present application claims the benefit of U.S. Provisional Patent Application No. 63/715,978 filed Nov. 4, 2024, titled “FAULT TOLERANT CIPHER PROCESSING UTILIZING CRYPTOGRAPHIC CONTROLS”, which is incorporated herein by reference in the entirety.

The subject matter disclosed by the instant application is directed generally to cryptographic systems and more particularly to the fault-tolerant cryptographic systems.

Traditional cipher engines that perform encryption and decryption for communication systems are susceptible to single faults that can cause the cipher engine to leak information. A leak occurs when plaintext information inadvertently arrives at the cipher text output of the cipher engine, resulting in the release of information that should have been encrypted but was not. Therefore, there is a need for systems and methods to prevent the release of non-encrypted information when a fault occurs.

In some embodiments, the techniques described herein relate to a fault tolerant cryptographic control system, including: a first cipher engine, a second cipher engine, and a plaintext compare engine, wherein the first cipher engine, the second cipher engine, and the plaintext compare engine are configured to receive copies of an outbound data packet, wherein the first cipher engine and the second cipher engine are configured to encrypt the outbound data packet via at least one security policy, generating a first ciphertext data packet and a second ciphertext data packet; a first random number generator (RNG) configured to generate a first one-time pad; a second RNG configured to generate at least one second one-time pad; a third RNG configured to generate a third one-time pad; a first front-end logic gate configured to encrypt the first ciphertext data packet according to the first one-time pad; a second front-end logic gate configured to double encrypt the first ciphertext data packet according to the at least one second one-time pad; a third front-end logic gate configured to triple encrypt the first ciphertext data packet according to an at least one third one-time pad; and a hold register configured to store at least one third encrypted ciphertext data packet.

In some embodiments, the techniques described herein relate to a fault tolerant cryptographic control system, wherein the first ciphertext data packet and the second ciphertext data packet are inspected via a first compare engine according to the at least one security policy, wherein the first ciphertext data packet and the second ciphertext data packet are inspected via an second compare engine according to the at least one security policy, wherein the outbound data packet and the second ciphertext data packet are inspected by the plaintext compare engine, wherein a successful comparison of the first ciphertext data packet and the second ciphertext data packet by the first compare engine is indicated by 1) transmitting a first release signal to the hold register and 2) transmitting the first one-time pad to a first back-end logic gate, wherein successful comparison of the first ciphertext data packet and the second ciphertext data packet by the second compare engine is indicated by 1) transmitting at least one second release signal to the hold register and 2) transmitting the at least one second one-time pad to a second back-end logic gate, wherein a successful comparison of the outbound data packet and the second ciphertext data packet by the plaintext compare engine is indicated by; 1) transmitting at least one third release signal to the hold register and 2) transmitting the at least one third one-time pad to at least one third back-end logic gate, wherein the hold register is configured to release the at least one third encrypted ciphertext data packet to the first back-end logic gate when the hold register has received the first release signal, the at least one second release signal, and the at least one third release signal.

In some embodiments, the techniques described herein relate to a fault tolerant cryptographic control system, further including: the first back-end logic gate, wherein the first back-end logic gate is configured to partially decrypt the at least one third encrypted ciphertext data packet according to the first one-time pad; the second back-end logic gate, wherein the second back-end logic gate is configured to partially decrypt the double encrypted ciphertext data packet according to the at least one second one-time pad; and the third back-end logic gate, wherein the third back-end logic gate is configured to fully decrypt the partially decrypted ciphertext data packet according to the third one-time pad.

In some embodiments, the techniques described herein relate to a fault tolerant cryptographic control system, wherein the first front-end logic gate, the at least one second front-end logic gate, the first back-end logic gate, and the at least one second back-end logic gate include at least one bitwise exclusive-or (XOR) logic gate.

In some embodiments, the techniques described herein relate to a fault tolerant cryptographic control system, wherein a fault of the first cipher engine prevents the first cipher engine from generating a first ciphertext data packet, wherein preventing the first cipher engine from generating a first ciphertext data packet causes the first compare engine and the second compare engine to halt operation and prevents the first ciphertext data packet from being released from the hold register.

In some embodiments, the techniques described herein relate to a fault tolerant cryptographic control system, wherein a fault of the first cipher engine prevents the second cipher engine from generating a second ciphertext data packet, wherein preventing the second cipher engine from generating a second ciphertext data packet causes the first compare engine and the second compare engine to halt operation and prevents the first ciphertext data packet from being released from the hold register.

In some embodiments, the techniques described herein relate to a fault tolerant cryptographic control system, wherein a fault one or more RNGs causes a generation of poor quality random numbers, wherein the generation of poor quality random numbers does not prevent encryption of the generating a first ciphertext data packet by the first cipher engine, and does not prevent the first ciphertext data packet from being received by a ciphertext output port.

In some embodiments, the techniques described herein relate to a fault tolerant cryptographic control system, wherein a fault in the first compare engine causes a mis-comparison between the first ciphertext data packet and the second first ciphertext data packet, wherein a mis-comparison between the first ciphertext data packet and the second first ciphertext data packet prevents the first ciphertext data packet from being released from the hold register.

In some embodiments, the techniques described herein relate to a fault tolerant cryptographic control system, wherein a fault in the second compare engine causes a mis-comparison between the first ciphertext data packet and the second first ciphertext data packet, wherein a mis-comparison between the first ciphertext data packet and the second first ciphertext data packet prevents the first ciphertext data packet from being released from the hold register.

In some embodiments, the techniques described herein relate to a fault tolerant cryptographic control system, wherein a fault in the hold register causes a premature release of first ciphertext data packet, wherein a premature release of the first ciphertext data packet causes first ciphertext data packets received by a ciphertext output port that are encrypted by the first cipher engine.

In some embodiments, the techniques described herein relate to a fault tolerant cryptographic control system, wherein a fault in one or more logic gates causes first ciphertext data packets received by a ciphertext output port that are encrypted by the first cipher engine.

In some embodiments, the techniques described herein relate to a fault tolerant cryptographic control system, wherein a failure of both the first cipher engine and the second cipher engine causes the plaintext compare engine to halt operation, wherein causing the plaintext compare engine to halt operation prevents the first ciphertext data packet from being released from the hold register.

In some embodiments, the techniques described herein relate to a fault tolerant cryptographic control system, wherein upon a failure of at least two of the first compare engine, the second compare engine, and the plaintext compare engine prevents the first ciphertext data packet from being released from the hold register.

In some embodiments, the techniques described herein relate to a fault tolerant cryptographic control system, wherein a fault of 1) the first cipher engine or the second cipher engine and 2) one or more of the first compare engine, the second compare engine, and the plaintext compare engine prevents the first ciphertext data packet from being released from the hold register.

In some embodiments, the techniques described herein relate to a method for cross-domain comparison with fault tolerant cryptographic control including: transmitting copies of an outbound data packet from a first domain to a first cipher engine, a second cipher engine, and a plaintext compare engine; encrypting the outbound data packet via the first cipher engine, the encryption creating a first ciphertext data packet; encrypting the outbound data packet via the second cipher engine, the encryption creating a second ciphertext data packet; generating a first one-time pad via a first random number generator (RNG); transmitting the first one-time pad to a first front-end logic gate and a first compare engine; generating at least one second one-time pad via at least one second RNG; transmitting the at least one second one-time pad to at least one second front-end logic gate and at least one second compare engine; single encrypting the first ciphertext data packet via the first front-end logic gate according to the first one-time pad; double encrypting the first ciphertext data packet via the at least one second front-end logic gate according to the at least one second one-time pad; triple encrypting the first ciphertext data packet via at least one third front-end logic gate according to an at least one third one-time pad; storing the at least one third encrypted ciphertext data packet within a hold register; comparing, via the first compare engine the first ciphertext data packet and the second ciphertext data packet according to at least one security policy; comparing, via the at least one second compare engine, the first ciphertext data packet and the second ciphertext data packet according to the at least one security policy; comparing, via the plaintext compare engine, the outbound data packet and the second ciphertext data packet; indicating a successful comparison of the first ciphertext data packet and the second ciphertext data packet by the first compare engine by 1) transmitting a first release signal to the hold register and 2) transmitting the first one-time pad to a first back-end logic gate; indicating a successful comparison of the first ciphertext data packet and the second ciphertext data packet by the at least one second compare engine by 1) transmitting at least one second release signal to the hold register and 2) transmitting the at least one second one-time pad to the at least one second back-end logic gate; indicating a successful comparison of the outbound data packet and the second ciphertext data packet by the plaintext compare engine by; 1) transmitting at least one third release signal to the hold register and 2) transmitting the at least one third one-time pad to at least one third back-end logic gate; when the hold register has received the first release signal, the at least one second release signal, and the at least one third release signal, releasing the at least one third encrypted ciphertext data packet to the first back-end logic gate; partially decrypting the at least one third encrypted ciphertext data packet via the first back-end logic gate according to the first one-time pad; partially decrypting the at least one double encrypted ciphertext data packet via the second back-end logic gate according to the second one-time pad; fully decrypting the at least one partially decrypted ciphertext data packet via the at least one third back-end logic gate according to the at least one third one-time pad; and transmitting from the at least one third back-end logic gate the at least one fully decrypted ciphertext data packet.

In some embodiments, the techniques described herein relate to a method, wherein the first front-end logic gate, the at least one second front-end logic gate, the first back-end logic gate, and the at least one second back-end logic gate include at least one bitwise exclusive-or (XOR) logic gate.

In some embodiments, the techniques described herein relate to a method, wherein a fault of the first cipher engine prevents the first cipher engine from generating a first ciphertext data packet, wherein preventing the first cipher engine from generating a first ciphertext data packet causes the first compare engine and the second compare engine to halt operation and prevents the first ciphertext data packet from being released from the hold register.

In some embodiments, the techniques described herein relate to a method, wherein a fault of the first cipher engine prevents the second cipher engine from generating a second ciphertext data packet, wherein preventing the second cipher engine from generating a second ciphertext data packet causes the first compare engine and the second compare engine to halt operation and prevents the first ciphertext data packet from being released from the hold register.

In some embodiments, the techniques described herein relate to a method, wherein a fault one or more RNGs causes a generation of poor quality random numbers, wherein the generation of poor quality random numbers does not prevent encryption of the generating a first ciphertext data packet by the first cipher engine, and does not prevent the first ciphertext data packet from being received by a ciphertext output port.

In some embodiments, the techniques described herein relate to a method, wherein a fault in the first compare engine causes a mis-comparison between the first ciphertext data packet and the second first ciphertext data packet, wherein a mis-comparison between the first ciphertext data packet and the second first ciphertext data packet prevents the first ciphertext data packet from being released from the hold register.

In some embodiments, the techniques described herein relate to a method, wherein a successful comparison of the plaintext input data packet to the second ciphertext data packet is a determination that the plaintext input data packet and the second ciphertext data packet are not equal.

This Summary is provided solely as an introduction to subject matter that is fully described in the Detailed Description and Drawings. The Summary should not be considered to describe essential features nor be used to determine the scope of the Claims. Moreover, it is to be understood that both the foregoing Summary and the following Detailed Description are example and explanatory only and are not necessarily restrictive of the subject matter claimed.

Before explaining one or more embodiments of the disclosure in detail, it is to be understood that the embodiments are not limited in their application to the details of construction and the arrangement of the components or steps or methodologies set forth in the following description or illustrated in the drawings. In the following detailed description of embodiments, numerous specific details may be set forth in order to provide a more thorough understanding of the disclosure. However, it will be apparent to one of ordinary skill in the art having the benefit of the instant disclosure that the embodiments disclosed herein may be practiced without some of these specific details. In other instances, well-known features may not be described in detail to avoid unnecessarily complicating the instant disclosure.

As used herein, a letter following a reference numeral is intended to reference an embodiment of the feature or element that may be similar, but not necessarily identical, to a previously described element or feature bearing the same reference numeral (e.g., 1, 1a, 1b). Such shorthand notations are used for purposes of convenience only and should not be construed to limit the disclosure in any way unless expressly stated to the contrary.

Further, unless expressly stated to the contrary, “or” refers to an inclusive or and not to an exclusive or. For example, a condition A or B is satisfied by any one of the following: A is true (or present) and B is false (or not present), A is false (or not present) and B is true (or present), and both A and B are true (or present).

In addition, use of “a” or “an” may be employed to describe elements and components of embodiments disclosed herein. This is done merely for convenience and “a” and “an” are intended to include “one” or “at least one,” and the singular also includes the plural unless it is obvious that it is meant otherwise.

Finally, as used herein any reference to “one embodiment” or “some embodiments” means that a particular element, feature, structure, or characteristic described in connection with the embodiment is included in at least one embodiment disclosed herein. The appearances of the phrase “in some embodiments” in various places in the specification are not necessarily all referring to the same embodiment, and embodiments may include one or more of the features expressly described or inherently present herein, or any combination or sub-combination of two or more such features, along with any other features which may not necessarily be expressly described or inherently present in the instant disclosure.

1 2 3 FIGS.B,, and 1 4 FIGS.A, 5 Broadly speaking, embodiments of the inventive concepts disclosed herein are broadly directed to systems and methods of a cross-domain solutions and fault tolerant cryptographic control systems for ensuring proper encryption and decryption of sensitive communications that include plaintext data from a first domain to a second domain. The system and methods utilize a functional architecture with cryptographic controls to establish fault tolerance, as opposed to specific design element redundancy and monitors to establish fault tolerance. These cryptographic controls function to prevent single and/or dual faults from causing plaintext data to exfiltrate out of a ciphertext interface.describe architectures for cross-domain solutions, whereas,, andA-C describe fault tolerant cryptographic control systems that share similar architectures to the cross-domain solutions.

90 92 106 94 96 106 96 1 FIG.A A generalized schemefor encrypting plaintext data is shown in, in accordance with one or more embodiments of the disclosure. Here, plaintext is received by a fault tolerant cryptographic control system. The cross-domain solutionis intended to ensure that plaintext transmitted from a transmitting domain is properly received as ciphertext by the receiving domain. The plaintext is encrypted into ciphertext via one or more encryption algorithms. In some instances, the encryption of the plaintext is disrupted by a faultoccurring within the fault tolerant cryptographic control system cross-domain solution, resulting in the plaintext not effectively encrypted into ciphertext. For example, the faultcould lead to plaintext being received by the receiving domain in an unencrypted state.

92 106 In embodiments, the fault tolerant cryptographic control systemprovides for the secure transfer of data between different domains of a processing environment having multiple independent levels of security (MILS), e.g., differing security classification levels. Such a fault tolerant cryptographic control system cross-domain solutionprovides the necessary redundancy without adding latency to the system.

1 FIG.B 100 100 102 104 106 108 110 Referring to, a MILS processing environmentis shown, in accordance with one or more embodiments of the disclosure. The MILS processing environmentmay include a first processing domain, a second processing domain, and a cross-domain solutionhaving guard engines,. We note that a MILS processing environment is disclosed in U.S. Pat. No. 11,296,876, filed on Sep. 11, 2020, which is incorporated by reference in its entirety.

102 104 102 104 106 108 110 108 112 102 104 110 110 112 104 In embodiments, the first domainand the second domainmay have significantly different (e.g., and/or mutually incompatible) security classification levels and/or security policies. Conventional cross-domain solutions may achieve certifiability by providing both redundancy and non-bypassability (e.g., any data traveling between the first domainand the second domaincannot bypass the cross-domain solution). One way of achieving both objectives is sequential processing, whereby the guard enginesandare dissimilar guard engines. For example, the first guard engine(e.g., primary guard engine) may analyze an outbound data packet (; e.g., in transit between the first domainand the second domain) against one or more policies and, should the data packet be found passable, passes the data packet to the second guard engine(e.g., secondary guard engine), which also analyzes the data packet against one or more policies. Should the second guard enginealso find the data packetpassable, it will be passed along to the second domain.

106 102 104 100 100 108 110 106 112 102 104 106 102 104 108 110 In embodiments, the cross-domain solutionmay achieve the redundancy and non-bypassability of the conventional approach described above, but without the processing latency associated with sequential processing. For example, the first domainand the second domainmay represent any two physical devices or components within the MILS environment, or any two virtual components (e.g., if the MILS environmentis a multi-core processing environment virtualized by a hypervisor and/or operating system). The guard engines,of the cross-domain solutionmay be redundant guard engines, or they may be dissimilar guard engines configured for data analysis (e.g., of data packetsin transit between the first domainand the second domain) according to dissimilar policy sets. In embodiments, the cross-domain solutionpreserves a redundant and non-bypassable path between the first domainand the second domainwithout the latency associated with sequential processing by configuring the guard engines,in parallel while providing for sequential cryptographic controls.

2 FIG. 2 FIG. 106 106 108 110 202 204 206 208 210 212 214 Referring now tothe cross-domain solutionis disclosed. The cross-domain solutionmay include, in addition to the primary guard engineand secondary guard engine, a hold register, random number generators,(RNG), and logic gates,,,. We note that a cross-domain solution similar tois disclosed in U.S. Pat. No. 11,296,876, filed on Sep. 11, 2020, which is incorporated by reference in its entirety.

108 110 102 104 208 214 208 210 202 212 214 204 206 216 218 112 102 104 1 FIG. 1 FIG. In embodiments, the primary and secondary guard engines,are connected in parallel between the first domain (,) and the second domain (,), while the logic gates-are connected in series, e.g., a first logic gateand a second logic gatebetween the first domain and the hold register(e.g., first and second front-end logic gates), and a third logic gateand a fourth logic gatesituated between the hold register and the second domain (e.g., first and second back-end logic gates). For example, the first RNGand the second RNGmay each generate a unique random number (,) (e.g., one-time pad) for double encryption of each data packetin transit between the first domainand the second domain.

208 210 212 214 208 112 112 216 204 112 218 206 112 202 108 110 a b In embodiments, the logic gates,,,may be bitwise exclusive-or (XOR) logic gates or any like appropriate cryptographic modules. For example, the first logic gatemay encrypt the data packetby computing an XOR of the incoming data packetand the random numberreceived from the first RNG. The single-encrypted data packet () may then be double-encrypted by the second logic gate in similar fashion computing an XOR using the random numberreceived from the second RNG. The double-encrypted data packet () may then be stored by the hold registeruntil released by the guard engines,.

208 210 108 110 108 216 204 110 218 206 108 110 112 108 110 108 110 In embodiments, while the first and second logic gates,may operate sequentially, the guard engines,may operate in parallel. For example, the first guard enginemay receive a copy of the first random numbergenerated by the first RNG; similarly, the second guard enginemay receive a copy of the second random numbergenerated by the second RNG. The first guard engineand the second guard enginemay inspect the data packetin parallel. In some embodiments, the first guard engineand the second guard engineare redundant (e.g., protecting against a fault in either guard engine). In some embodiments, the first guard engineand the second guard engineare dissimilar (e.g., protecting against latent defects or bugs that may not be detectable by the other guard engine).

108 112 104 220 202 216 212 110 112 104 222 202 218 214 202 220 222 112 212 214 b In embodiments, when the first guard engineapproves the data packetfor transfer to the second domain, the first guard engine may transmit a release signal (; e.g., release strobe) to the hold registerand transmit the first random numberto the third logic gate(e.g., first back-end logic gate). Similarly, when the second guard engineapproves the data packetfor transfer to the second domain, the second guard engine may also transmit a release signalto the hold registerand likewise transmit the second random numberto the fourth logic gate(e.g., second back-end logic gate). Only when the hold registerreceives both release signals,is the double encrypted data packetreleased for double decryption by the back-end logic gates,.

108 110 112 108 220 202 216 212 110 112 222 202 218 214 112 104 108 110 202 112 108 110 102 104 In embodiments, either the first guard engineor the second guard enginemay reject the data packet. For example, in the event of a rejection the first guard enginemay withhold the release signalfrom the hold registerand the random numberfrom the first back-end logic gate. Similarly, the second guard engine, upon rejecting the data packet, may withhold the release signalfrom the hold registerand the random numberfrom the second back-end logic gate. In either case, the data packetmay be prevented from reaching the second domain. In some embodiments, the rejecting guard engine (,) may clear the hold register. In the event of a rejection of the data packet, the rejecting guard engine (,) may notify the first domainand/or the second domainof the rejection.

212 214 112 104 202 112 220 222 212 216 208 212 218 112 104 112 212 214 216 218 112 104 100 b b b a b In embodiments, the back-end logic gates,may sequentially double decrypt the double-encrypted data packetfor transfer to the second domain. For example, the hold registermay release the double-encrypted data packet(e.g., upon receipt of both release signals,as described above) to the third logic gate, which partially decrypts the data packet according to the first random number(e.g., canceling out the first front-end logic gate). The partially decrypted data packet may then be passed to the fourth logic gatefor partial decryption (e.g., completion of the sequential decryption process) according to the second random number. The double decrypted data packetmay then pass to the second domainas a plain text data packet. Any errant release of the data packetthrough the back-end logic gates,for decryption prior to the back-end logic gates being updated with the relevant random numbers,results in an unrecoverable encrypted data packet-being passed to the second domain, maintaining the MILS integrity of the MILS processing environment.

106 112 108 110 112 112 112 a b a b In embodiments, implementation of sequential double decryption by the cross-domain solutionmay enforce sequential redundant inspection of the data packet. For example, a failure of either the first or second guard engine,, resulting in an errant transmission or rejection of the data packet-by either or both guard engines, leaves the outgoing data packet in a single-encrypted () or double-encrypted () state (e.g., and unrecoverable in either state).

3 FIG. 2 FIG. 3 FIG. 106 106 106 108 110 302 204 206 304 208 210 306 212 214 308 a a Referring to, the cross-domain solutionmay be implemented and may function similarly to the cross-domain solutionof, except that the cross-domain solutionmay be scaled up to include three parallel guard engines,,; three RNGs,,; and three front-end and back-end logic gates (e.g., front-end logic gates,,and back-end logic gates,,). We note that a cross-domain solution similar tois disclosed in U.S. Pat. No. 11,296,876, filed on Sep. 11, 2020, which is incorporated by reference in its entirety.

106 112 208 210 306 216 218 310 112 306 202 220 222 312 108 110 302 112 112 212 214 308 216 218 310 108 110 302 112 a c c In embodiments, the cross-domain solutionmay sequentially triple-encrypt the data packetvia front-end logic gates,,according to random numbers,,. The triple-encrypted data packet(e.g., after the third and final stage of sequential encryption by the third front-end logic gate) may be stored by the hold registeruntil release signals,,are received from all three guard engines,,indicating their inspection and approval of the data packet. The released triple-encrypted data packetmay be sequentially decrypted by the back-end logic gates,,according to the random numbers,,transmitted to the back-end logic gates by the guard engines,,upon inspection and approval of the data packet.

4 FIG. 400 400 92 92 400 404 102 408 104 400 104 102 a illustrates a schematic of a fault tolerant cryptographic controlin accordance with one or more embodiments of the disclosure. Fault tolerant cryptographic controlmay include one or more components of the cross-domain solutions,, and vice versa. The fault tolerant cryptographic controlenables decrypted plain text data, such as a plaintext input (e.g., received by a plaintext input port) from a first domainto be outputted as an encrypted ciphertext output (e.g., via a ciphertext output port) that can be safely received by the second domain. The fault tolerant cryptographic controlmay also include components that similarly allow plaintext from the second domainto be received as ciphertext by the first domain, as described herein.

400 It should be understood that if ciphertext data arrives on the plaintext side due to a fault, ciphertext is unusable, as it is still encrypted. However, data that faults from the plaintext side to the ciphertext side is of consequence, which is addressed by fault tolerant cryptographic control.

404 412 416 419 402 412 416 412 421 416 422 In embodiments, a plaintext input received from the one or more plaintext input portsis routed to a first cipher engine, and a copy of the plaintext input is routed to a second cipher engine, and a third copy (PT) is routed to a plaintext compare engine. The first cipher engineand second cipher engineeach complete an encryption on a block of data using an algorithm such as AES. For example, the first cipher enginegenerates a first ciphertext data packet (CT-A) and the second cipher enginegenerates a second ciphertext data packet (CT-B).

402 417 418 302 108 110 92 402 417 418 112 417 418 412 416 402 419 416 416 419 a The plaintext compare engine, as well as first comparison engineand second comparison enginehas some similarity to the third guard engine, first guard engine, and second guard engineof cross domain solution, respectively. However, the plaintext compare engine, the first comparison engineand the second comparison engineoperates on plaintext, inspecting the context of the plain text to ensure the information contained within the data packetinspected is safe to transmit to the other side. This is done using a set of rules established a priori. For example, the first comparison engineand the second comparison enginereceive the outputs of the first cipher engineand second cipher engine, and perform a bit-by-bit comparison for agreement (e.g., absolute agreement). In another example, the plaintext compare enginereceives the plaintext input (PT) and performs a compare function for disagreement. For instance, if the encryption by the second cipher engineis performed, then the output from the second cipher engineand the plaintext input (PT) should not match.

412 416 400 208 210 306 212 214 308 400 408 It should be understood that once the plaintext has been converted to ciphertext by the first cipher engineand the second cipher enginethat the plaintext has been encrypted. However, the fault tolerant cryptographic controlfurther encrypts the ciphertext, and then decrypts the “encrypted” ciphertext back to a base encrypted level (e.g., not decrypted from ciphertext to plaintext) as part of the control process. For the sake of clarity, a partial or full decryption of a partially or fully encrypted ciphertext (e.g., by logic gates,,,,,) within the fault tolerant cryptographic controlis intended to mean that the partially or fully decrypted ciphertext is still ciphertext and not plaintext. Once the ciphertext output leaves the ciphertext output port, the ciphertext may be decrypted back to plaintext.

204 206 304 412 416 In embodiments, the first RNG, the second RNG, and the third RNGsgenerate random numbers. These random numbers may be equivalent to the same block size as the output of the first cipher engineand the second cipher engine(for example 128 bits in the case of AES). The random number may be either a true random number generator, or a pseudo random number generator seeded with a random value.

412 208 204 420 208 210 206 424 210 306 304 428 306 202 417 418 402 202 208 210 306 In embodiments, the output of the first cipher engineis first encrypted (e.g., XOR'd) by logic gatewith the one-time-pad output of the first RNG(e.g., RND-A). The result of logic gateis then encrypted again (e.g., double encrypted) via logic gatewith a one-time-pad output of the second RNG(e.g., RND-B). The result of logic gateis then encrypted again (e.g., triple encrypted) via logic gatewith a one-time-pad output of the third RNG) (e.g., RND-C). The output of the logic gateis then placed in the hold registerto await release upon a successful comparison of the first compare engine, the second compare engine,, and the plaintext compare engine. Therefore, the block held within the hold registeris triple encrypted as expressed by XOR functions (e.g., with logic gates,,acting as logic functions performing an encryption).

417 421 422 412 416 420 417 421 422 417 421 422 417 421 422 417 202 420 212 In embodiments, the first compare enginereceives and compares inputs CT-Aand CT-Bfrom the first cipher engineand the second cipher engine, respectively. The one-time-pad RND-Amay be inputted to the First Compare Enginefor later output contingent upon a successful comparison. Once the comparison function is complete, inputs CT-Aand CT-Bat the first compare enginemay be erased, as there is no path for the CT-Aand CT-Bdata packets to be received from the output of the first compare engine. Upon a successful comparison between inputs CT-Aand CT-B, the first compare enginesends a release (e.g., Release A) to the hold register, and the one-time-pad RND-Ais released for use by logic gate.

418 421 422 412 416 424 418 421 422 418 421 422 418 421 422 418 202 424 214 In embodiments, the second compare enginereceives and compares inputs CT-Aand CT-Bfrom the first cipher engineand the second cipher engine, respectively. The one-time-pad RND-Bmay be inputted to the Second Compare Enginefor later output contingent upon a successful comparison. Once the comparison function is complete, inputs CT-Aand CT-Bat the second compare enginemay be erased, as there is no path for the CT-Aand CT-Bdata packets to be received from the output of the second compare engine. Upon a successful comparison between inputs CT-Aand CT-B, the second compare enginesends a release (e.g., Release B) to the hold register, and the one-time-pad RND-Bis released for use by logic gate.

402 419 422 428 402 419 422 402 419 422 402 202 308 212 214 308 In embodiments, the plaintext compare enginereceives the plaintext output (PT) and input CT-Bfor comparison. The one-time-pad RND-Cis also inputted to the Plaintext Compare Enginefor later output contingent upon a successful comparison (e.g., no matching, or less than exact matching between the plaintext and ciphertext). Once the compare function is complete, PTand input CT-Bmay be erased, as there is no path for either the plaintext data packets to arrive at the hold register from the plaintext compare engine. Upon a successful comparison (e.g., non-matching) between PTand input CT-B, the plaintext compare enginesends a release (Release C) to the hold register, and the one-time-pad is released to logic gate(e.g., with logic gates,,acting as logic functions performing an decryption).

202 212 214 308 112 421 412 212 420 214 424 308 421 428 c Upon successful comparisons of all compare functions, the contents of the hold registeris released to logic gates,,. This later set of logic gates removes the RND one-time-pads, thereby decrypting the data packetleaving it in its natively encrypted form (e.g., as input CT-Afrom the first cipher engine). For example, the logic gatemay partially decrypt the third-encrypted ciphertext data packet according to the first one-time pad RND-A. In another example, the logic gatemay partially decrypt the second-encrypted ciphertext data packet according to the second one-time pad RND-B. In another example, the logic gatemay fully decrypt (e.g., to the native ciphertext input CT-A) the third-encrypted ciphertext data packet according to the third one-time pad RND-C.

400 412 416 204 206 304 402 417 418 400 In embodiments, parallel or redundant components within the fault tolerant cryptographic controlare procured from different sources. For example, the first cipher enginemay be sourced from a different company or manufacturer than the second cipher engine(e.g., running the same algorithm). Similarly, the random number generators,,, and compare engines,,, may be differently sourced. Building the fault tolerant cryptographic controlfrom different sources reduces the possibility of a common mode failure.

5 5 FIGS.A throughC 500 500 400 are flow diagrams illustrating a methodfor comparison with fault tolerant cryptographic control, according to example embodiments of this disclosure. The methodmay be utilized by the fault tolerant cryptographic controlas described herein.

500 502 102 412 416 402 412 416 402 In embodiments, the methodincludes a stepof transmitting copies of an outbound data packet from a first domainto a first cipher engine, a second cipher engine, and a plaintext compare engine. The original outbound data packet may also be sent to the first cipher engine, the second cipher engine, and/or the plaintext compare engine.

500 504 412 412 In embodiments, the methodincludes a stepof encrypting the outbound data packet via the first cipher engine, the encryption creating a first ciphertext data packet (input CT-A).

500 506 416 422 In embodiments, the methodincludes a stepof encrypting the outbound data packet via the second cipher engine, the encryption creating a second ciphertext data packet (input CT-B).

500 508 420 204 In embodiments, the methodincludes a stepof generating a first one-time pad (RND-A) via a first random number generator (RNG).

500 510 420 208 417 In embodiments, the methodincludes a stepof transmitting the first one-time pad (RND-A) to a first front-end logic gateand a first compare engine.

500 512 424 206 In embodiments, the methodincludes a stepof generating at least one second one-time pad (RND-B) via at least one second RNG.

500 514 424 210 418 In embodiments, the methodincludes a stepof transmitting the at least one second one-time pad (RND-B) to at least one second front-end logic gateand at least one second compare engine.

500 515 422 304 In embodiments, the methodincludes a stepof generating a third one-time-pad (RND-C) via a third RNG.

500 516 422 306 402 In embodiments, the methodincludes a stepof transmitting the third one-time-pad (RND-C) to the third-front end logic gateand plaintext compare engine.

500 517 421 208 420 In embodiments, the methodincludes a stepof single encrypting the first ciphertext data packet (CT-A) via the first front-end logic gateaccording to the first one-time pad (RND-A).

500 518 421 210 424 In embodiments, the methodincludes a stepof double encrypting the first ciphertext data packet (CT-A) via the at least one second front-end logic gateaccording to the at least one second one-time pad (RND-B).

500 520 421 306 428 In embodiments, the methodincludes a stepof triple encrypting the first ciphertext data packet (CT-A) via at least one third front-end logic gateaccording to an at least one third one-time pad (RND-C).

500 522 421 In embodiments, the methodincludes a stepof storing the at least one third encrypted ciphertext data packet (CT-A) within a hold register.

500 524 417 421 422 In embodiments, the methodincludes a stepof comparing, via the first compare enginethe first ciphertext data packet (CT-A) and the second ciphertext data packet (CT-B) according to at least one security policy (e.g., a set of rules established a priori).

500 526 418 421 422 In embodiments, the methodincludes a stepof comparing, via the at least one second compare engine, the first ciphertext data packet (CT-A) and the second ciphertext data packet (CT-B) according to the at least one security policy (e.g., a set of rules established a priori).

500 528 402 419 422 421 422 In embodiments, the methodincludes a stepof comparing, via the plaintext compare engine, the outbound data packet (PT) and the second ciphertext data packet (CT-B). For example, the first ciphertext data packet (CT-A) and the second ciphertext data packet (CT-B) may be compared according to the at least one security policy (e.g., a set of rules established a priori).

500 530 421 422 417 202 420 212 In embodiments, the methodincludes a stepof indicating a successful comparison of the first ciphertext data packet (CT-A) and the second ciphertext data packet (CT-B) by the first compare engineby 1) transmitting a first release signal to the hold registerand 2) transmitting the first one-time pad (RND-A) to a first back-end logic gate.

500 532 421 422 418 202 424 214 In embodiments, the methodincludes a stepof indicating a successful comparison of the first ciphertext data packet (CT-A) and the second ciphertext data packet (CT-B) by the at least one second compare engineby 1) transmitting at least one second release signal to the hold registerand 2) transmitting the at least one second one-time pad (RND-B) to the at least one second back-end logic gate.

500 534 419 422 402 202 428 308 419 422 419 422 In embodiments, the methodincludes a stepof indicating a successful comparison of the outbound data packet (PT) and the second ciphertext data packet (CT-B) by the plaintext compare engineby; 1) transmitting at least one third release signal to the hold registerand 2) transmitting the at least one third one-time pad (RND-C) to at least one third back-end logic gate. For example, a successful comparison of the plaintext input data packet PTto the second ciphertext data packet CT-B(e.g., where the comparison evaluates as TRUE) may be an determination that the plaintext input data packet PTand the second ciphertext data packet CT-Bare NOT EQUAL.

500 536 202 421 212 In embodiments, the methodincludes a stepof, when the hold registerhas received the first release signal, the at least one second release signal, and the at least one third release signal, releasing the at least one third encrypted ciphertext data packet (CT-A) to the first back-end logic gate.

500 538 421 212 420 In embodiments, the methodincludes a stepof partially decrypting the at least one third encrypted ciphertext data packet (CT-A) via the first back-end logic gateaccording to the first one-time pad (RND-A).

500 540 421 214 424 In embodiments, the methodincludes a stepof partially decrypting the at least one double encrypted ciphertext data packet (CT-A) via the second back-end logic gateaccording to the second one-time pad (RND-B).

500 542 421 412 308 428 In embodiments, the methodincludes a stepof fully decrypting the at least one partially decrypted ciphertext data packet (CT-A) (e.g., to the native ciphertext data packet encrypted by the first cipher engine) via the at least one third back-end logic gateaccording to the at least one third one-time pad (RND-C).

500 544 308 104 408 In embodiments, the methodincludes a stepof transmitting, from the at least one second back-end logic gate, the at least one fully decrypted ciphertext data packet (e.g., to a second domainvia the ciphertext output port.

400 208 210 306 400 400 408 400 400 408 Due to the redundant nature of the fault tolerant cryptographic control, no single fault or dual fault in the data path can leak information because the data is encrypted by the logic gates,,. No single fault or dual fault in the comparator path can leak data because the ciphertext and plaintext data has no path to the output of the compare function, as only the random number being held in the register of the comparison function can exit the compare function. Table 1 lists the single faults that can occur within the fault tolerant cryptographic controland how the fault tolerant cryptographic controlprevents plaintext from leaking (e.g., to the ciphertext output port) after the fault has occurred. Table 2 lists the dual faults that can occur within the fault tolerant cryptographic controland how the fault tolerant cryptographic controlprevents plaintext from leaking (e.g., to the ciphertext output port) after the dual faults have occurred.

TABLE 1 Faulted Item Issue Consequence First Cipher Fails to encrypt First compare engine 417 and Second compare Engine 412 engine 418 halt operation, RND-A and RND-B not released to logic gates, leaving ciphertext in hold register 202 double encrypted Second Cipher Fails to encrypt First compare engine 417 and Second compare Engine 416 engine 418 halt operation, RND-A and RND-B not released to logic gates, leaving ciphertext in hold register 202 double encrypted First RNG 204 Poor quality random Plaintext is correctly encrypted, and ciphertext is number output Second RNG 206 Poor random number Plaintext is correctly encrypted, and ciphertext is output First Compare Mis-comparison of CT-A Hold Register 202 is not released; RND-A not released Engine 417 with CT-B or functional to logic gate 212 leaving ciphertext in hold register failure 202 double encrypted Second Compare Mis-comparison of CT B Hold Register 202 is not released; RND-B is not Engine 418 with CT A or functional released back into failure Hold Register Releases early Contents remain encrypted by RND A and RND B 202 (premature release) Any logic gate Fails to function (XOR) Contents remain encrypted by RND A or RND B

TABLE 2 Faulted Items Issue Consequence First Cipher Engine Fail to encrypt Plaintext Compare Engine 402 halts operation, RND- 412 and Second C not released to logic gate 308, leaving ciphertext in Cipher Engine 416 hold register 202 encrypted by RNDs All RNGs 204, 206, Poor quality Plaintext is correctly encrypted, and Ciphertext is 304 random correctly output number All Compare Engines Mis- Hold Register 202 is not released, RNDs not released 417, 418, 402 comparison to logic gates, leaving ciphertext in hold register or functional encrypted by RNDs failure (First Cipher Engine Fails to The unfaulted pair halts operation, with associated 412 or Second encrypt and RNDs not released to respective logic gates, leaving Cipher Engine 416) mis-compares ciphertext in hold register 202 encrypted by RNDs and (First Compare as valid Engine 417 or Second Compare Engine 418) Any to all logic gates Fails to XOR Plaintext is correctly encrypted and ciphertext is correctly output with carrying levels of encryption by one or more RNDs

It is to be understood that embodiments of the methods disclosed herein may include one or more of the steps described herein. Further, such steps may be carried out in any desired order and two or more of the steps may be carried out simultaneously with one another. Two or more of the steps disclosed herein may be combined in a single step, and in some embodiments, one or more of the steps may be carried out as two or more sub-steps. Further, other steps or sub-steps may be carried in addition to, or as substitutes to one or more of the steps disclosed herein.

Although inventive concepts have been described with reference to the embodiments illustrated in the attached drawing figures, equivalents may be employed and substitutions made herein without departing from the scope of the claims. Components illustrated and described herein are merely examples of a system/device and components that may be used to implement embodiments of the inventive concepts and may be replaced with other devices and components without departing from the scope of the claims. Furthermore, any dimensions, degrees, and/or numerical ranges provided herein are to be understood as non-limiting examples unless otherwise specified in the claims.